Release Notes
orcharhino 6.9.0 is here!
Tech Update Video
A short overview of the new features introduced in orcharhino 6.9
Highlights
Support for Ubuntu 24.04 “Noble Numbat” as an operating system for hosts.
orcharhino 6.9 can provision and manage hosts running Ubuntu 24.04.
Scaling data security: Disk Encryption Support using Clevis and Tang for AlmaLinux, Red Hat Enterprise Linux, Rocky Linux, and Ubuntu.
Fighting data security risk is becoming increasingly challenging. In a distributed environment, the risk of losing a system image and its data is always immanent. Disk encryption hinders data theft. Clevis and Tang provide an automated and scaling solution. Making it possible to use disk encryption across the whole data center, at all sizes.
-
- Example for AlmaLinux on how to setup and use Clevis/Tang for disk encryption during provisioning: Associating partition tables with disk encryption
System Integrity: Secure Boot Support.
Hardening of systems to ensure only known code is running is an important part of a secure infrastructure. Secure Boot enforces only validated code is running as an operation system.
orcharhino 6.9 can provision Secure Boot-enabled hosts.
-
- Documentation (Example for AlmaLinux): Configuring orcharhino Proxy to provision AlmaLinux on Secure Boot enabled hosts
- Considerations and limitations for other operating systems: Secure Boot with Debian and Secure Boot with SUSE Linux Enterprise Server and Ubuntu in ATIX Service Portal
Automated offline upgrades: using ISO images and Ansible playbook.
To increase the structural security customers often set up the infrastructure in an isolated way. For such an ‘air gap’ or ‘offline’ setup orcharhino 6.9 provide a tool set to automate the update using ISO images and Ansible playbook.
-
- For more information, see the orcharhino documentation: Performing automated upgrade by using Ansible playbook
Tech previews
Host registration template: orcharhino 6.9 provides the ability to add multiple dependency repositories for registration. This can be used to deploy SUSE Linux Enterprise Server and other guests that need multiple repositories.
-
-
example for AlmaLinux: Registering hosts by using global registration
-
orcharhino Clients for Ubuntu 24.04 Noble
Upgrading orcharhino Server using Ansible playbook and ISO images
Register hosts providing multiple repositories
orcharhino documentation contains a list of required repositories for SUSE Linux Enterprise Server: Registering hosts and setting up host integration – orcharhino documentation
Changelog Features
- Host Provisioning (Debian): The “$arch” variable in media path can now be set to the current architecture during template rendering.
- Host Provisioning (SLES) simplified: The or_sles_client provisioning snippet now uses the subscription_manager_setup snippet what simplifies the provisioning process. For more details on the host registration process, see https://docs.orcharhino.com/or/docs/sources/guides/suse_linux_enterprise_server/managing_hosts/registering_hosts.html#Registering_Hosts_by_Using_Global_Registration_managing-hosts
- Host registration via bootstrap: The bootstrap.py script now provides an option to add multiple dependency repositories for the registration.
- Job Templates: Added job templates to install packages on hosts using “Update Package – orcharhino Ansible Default – Ansible” and “Update packages by search query – Katello Ansible Default”.
- orcharhino Clients (Debian): Added ARM64 client for Debian 12.
- orcharhino Clients (Debian/Ubuntu): Added package to migrate from katello-agent to REX pull provider for ARM and PowerPC.
- orcharhino Clients (RHEL9): Added orcharhino Clients for Red Hat Enterprise Linux 9 on PPC64LE.
- orcharhino Installation: Added Kickstart files to install orcharhino on an EFI-system with GPT partition-table.
Changelog CVE
- CVE-2023-44487 (orcharhino Clients): Updated REX Pull Provider to mitigate denial of service attack because request cancellation resets multiple streams quickly.
- CVE-2024-4812: Fixed potential XSS issue in pages which use AngularJS and React.
- CVE-2024-28103 (Core Components): Updated rubygem-rails to version 6.1.7.8.
Changelog Bugfixes
- Configuration Management via Ansible: Fixed a bug that caused hidden Ansible variables to be shown in plain text under “Variables” and “Inventory” of a host’s details page.
- Content Management: Pulp now uses batching for exports what fixes an issue when exporting large amounts of files in a repository or Content View.
- Host Registration template: Correctly parse Ubuntu version when registering an Ubuntu host.
- Host Registration via bootstrap: Placed GPG public key in “/etc/apt/trusted.gpg.d/” in favor of using “apt-key add” which is deprecated on Debian and Ubuntu.
- New Host Details Page: Fixed a bug that caused a page crash if boolean parameters without explicit value were added.
orcharhino Clients (Debian/Ubuntu): Added missing dependency “bzip” for OpenSCAP clients. - orcharhino Clients (EL8/9): Use “dnf needs-restarting” command to determine tracer information for client hosts.
- orcharhino Maintenance: Password from hammer-config takes precedence over value from “/etc/orcharhino-installer/answers.yaml” in post-upgrade ansible-playbook.
- orcharhino Proxy: Start the free-ips service for Microsoft DHCP servers which is essential for cleaning up IP addresses that are no longer in use.
- Provisioning Templates: Fixed formatting issue of Autoinstall templates (yaml) when using custom partitioning during host creation.
- Provisioning Templates: Fixed schema error in Proxmox cloud init template and removed gateway4 deprecation warnings.
- Remote Execution: Fix “puppet not found” error with run-once remote execution job by sourcing puppet-agent.sh from “/etc/profile.d/” to set the $PATH variable.
- Remote Execution: Remote jobs to remove packages that are not present on hosts no longer return an error on Debian and Ubuntu.
- Task Execution: Suppress serialization warnings from Sidekiq.
Deprecations
- orcharhino Client for SLES 15 SP1: We no longer maintain the orcharhino Client for SLES 15 SP1 as SUSE no longer provides any security updates. If you have the orcharhino Client synchronized, you can continue using it. If you plan to upgrade your managed hosts, have a look at our “SLES Service Pack Upgrade” job template to automate this process.
- orcharhino Client for CentOS Stream 8: We no longer maintain the orcharhino Client for CentOS Stream 8 as the operating system is end-of-life since May 31st 2024. If you have the orcharhino Client synchronized, you can continue using it.
- To harden the orcharhino-server we have removed the orcharhino-rex-user package, which configures the orcharhino itself to be a working target with remote execution. If you want to add orcharhino Clients or synchronize content for orcharhino Proxies, use the shell scripts in “/opt/orcharhino/automation/” on your orcharhino Server.
- “foreman_hooks”: We will remove the “foreman_hooks” plugin in an upcoming orcharhino release. We recommend that you migrate to the “webhooks” plugin. For more information, see Using Webhooks in Administering orcharhino.
Changelog Documentation
- Documented usage of multiple dependency repositories using bootstrap.py: https://docs.orcharhino.com/or/docs/sources/guides/almalinux/managing_hosts/registering_hosts.html#Registering_Hosts_Using_the_Bootstrap_Script
- Ensure OS entry is present before registering a host to orcharhino: https://docs.orcharhino.com/or/docs/sources/guides/debian/managing_hosts/registering_hosts.html#registering-a-host_managing-hosts
- Fixed the port for accessing orcharhino Proxies in the documentation, for example in the chapter on using shellhooks: https://docs.orcharhino.com/or/docs/sources/guides/administering_orcharhino.html#shellhooks_admin
- Clarified adding errata to Debian and Ubuntu repositories: https://docs.orcharhino.com/or/docs/sources/guides/debian/managing_content/importing_content.html#Adding_upstream_repositories_for_Debian_11_content-management
- Added Kickstart files for hosts with EFI-based “/boot” partition: https://docs.orcharhino.com/or/docs/sources/installation_and_maintenance/installing_orcharhino_server.html#Kickstart_Requirements
- Compute Resources: Added installation instructions to add Google GCE compute resource to orcharhino: https://docs.orcharhino.com/or/docs/sources/compute_resources/google_gce.html
- Added documentation to store logs on orcharhino Server and orcharhino Proxies in JSON format: https://docs.orcharhino.com/or/docs/sources/guides/administering_orcharhino.html#configuring-logging-type-and-layout_admin
- Added documentation on how to create and use personal access tokens in orcharhino: https://docs.orcharhino.com/or/docs/sources/guides/administering_orcharhino.html#managing-personal-access-tokens_admin
- Extended documentation on how to manage DHCP, DNS, and TFTP using orcharhino Proxies: https://docs.orcharhino.com/or/docs/sources/guides/configuring_external_services.html